My recent experience was to get locked out of an account for a few incorrect password attempts. I was the source, had forgotten I changed it or something, the incorrect attempts were a while ago and I don't remember what I was thinking at the time. Required hours on hold waiting for an operator and dancing through stupid hoops (that make more sense to me as audit ass covering than actual security).
Huge pain in the ass.